Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sat, 1 Oct 2005 20:41:00 +0530

I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText()
doesn't work for the current version of ZA Products (ZA Pro / Internet Sec
Suit). 

This helps preventing the most wellknown windows local attack - Shatter
Attack.

However, I still can see a way out for their latest product... Will be
updated soon.

- Tr0y


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Thierry
Zoller
Sent: Saturday, October 01, 2005 3:39 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone
AlarmPro)Using DDE-IPC

Dear Paul,

PL>  And in their press release, only the free is affected.
Which makes this discovery [ although a bit outdated ->
SendMessageApi() ] even more important, possibly a few million users
affected.

--
Thierry Zoller
Packet sniffer : http://www.sniff-em.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]